Summary

The Cloud Router Switch series are highly integrated switches with a high-performance MIPS CPU and a feature-rich packet processor. The CRS switches can be designed into various Ethernet applications, including unmanaged switch, Layer 2 managed switch, carrier switch and wireless/wired unified packet processing.

Abbreviations and Explanations

CVID - Customer VLAN id: inner VLAN tag id of the IEEE 802.1ad frame

SVID - Service VLAN id: outer VLAN tag id of the IEEE 802.1ad frame

IVL - Independent VLAN learning: learning/lookup is based on both MAC addresses and VLAN IDs.

Port Switching

Similarly to other RouterBoards, port switching on CRS allows wire-speed traffic forwarding among a group of ports, as if the ports were a regular Ethernet switch. This feature is configured by setting the "master-port" property on one or more ports in the /interface ethernet menu. The "master-port" is the port through which RouterOS communicates with all ports in the group. Interfaces which have the "master-port" specified become isolated: no traffic can be received and no traffic can be sent out directly from RouterOS.

Here is a general diagram of RouterBoard with a five port switch chip:

A packet that is received by one of the ports always passes through the switch logic first. The switch logic decides which ports the packet should go to. Passing a packet "up", or giving it to RouterOS, is also called sending it to the switch chip's “CPU” port. This means that at the point where the switch forwards the packet to the CPU port, the packet starts to be processed by RouterOS as an incoming packet of the “master-port”. If the packet does not have to go to the “CPU” port, it is handled entirely by the switch logic, does not require any CPU resources and is forwarded at wire-speed.

Additionally, CRS series switches support multiple “master-port” configurations and place no port selection limitations on a port group, which makes many switched port combinations possible across all CRS switch interfaces.

Now ether2 is the “master-port” of the group 1, ether13 – of the group 2 and ether21 – of the group 3.

Note: Previously a link was detected only on interfaces with a physical connection, but now, since ether2, ether13 and ether21 have a connection to the CPU, the running flag is propagated to them as well.

CRS Port Switching Example

In essence this configuration is the same as if you had a RouterBoard with 10 Ethernet interfaces and 3 switches:

Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.

Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.

vlan-id (0..4095)

VLAN id of the VLAN member entry.
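
The difference between the two learning modes, as an added example that is not part of the original manual or of RouterOS: a toy forwarding database keyed the way each mode describes, showing that under svl a MAC learned in one VLAN replaces the entry used for lookups in every other VLAN, while under ivl each VLAN keeps its own entry. The class name, port names and MAC address are constructed for illustration, and the model covers learning and lookup only, not VLAN filtering.

```python
# Added illustration: a toy forwarding database, not switch-chip or RouterOS code.
from typing import Dict, Optional, Tuple


class Fdb:
    """MAC table whose key depends on the learning mode.

    svl=True  -> keyed by MAC only          (Shared VLAN Learning)
    svl=False -> keyed by (MAC, VLAN id)    (Independent VLAN Learning)
    """

    def __init__(self, svl: bool) -> None:
        self.svl = svl
        self.table: Dict[Tuple, str] = {}

    def _key(self, mac: str, vlan_id: int) -> Tuple:
        if not 0 <= vlan_id <= 4095:
            raise ValueError("vlan-id must be in 0..4095")
        mac = mac.lower()
        return (mac,) if self.svl else (mac, vlan_id)

    def learn(self, mac: str, vlan_id: int, port: str) -> Optional[str]:
        """Learn a source MAC; return the previous port if the entry moved."""
        key = self._key(mac, vlan_id)
        previous = self.table.get(key)
        self.table[key] = port
        return previous if previous not in (None, port) else None

    def lookup(self, mac: str, vlan_id: int) -> Optional[str]:
        """Return the egress port, or None when the destination is unknown."""
        return self.table.get(self._key(mac, vlan_id))


def compare(svl: bool) -> dict:
    """Learn one MAC in VLAN 10 and VLAN 20, then look it up in three VLANs."""
    mac = "02:00:00:00:00:01"  # constructed sample address
    fdb = Fdb(svl)
    fdb.learn(mac, 10, "ether3")
    moved_from = fdb.learn(mac, 20, "ether7")
    return {
        "entries": len(fdb.table),
        "moved_from": moved_from,
        "ports": [fdb.lookup(mac, v) for v in (10, 20, 30)],
    }


if __name__ == "__main__":
    print("svl:", compare(True))
    print("ivl:", compare(False))
```
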

1:1 VLAN Switching

Sub-menu: /interface ethernet switch one2one-vlan-switching

1:1 VLAN switching can be used to replace the regular L2 bridging for matched packets. When a packet hits a 1:1 VLAN switching table entry, the destination port information in the entry is assigned to the packet. The matched destination information in the UFDB and MFDB entries no longer applies to the packet.

Property

Description

customer-vid (0..4095; Default: 0)

Matching customer VLAN id for 1:1 VLAN switching.

disabled (yes | no; Default: no)

Enables or disables 1:1 VLAN switching table entry.

dst-port (port)

Destination port for matched 1:1 VLAN switching packets.

service-vid (0..4095; Default: 0)

Matching customer VLAN id for 1:1 VLAN switching.

Egress VLAN Tag

Sub-menu: /interface ethernet switch egress-vlan-tag

Egress packets can be assigned a different VLAN tag format. The VLAN tags can be removed, added, or left as is when the packet is sent to the egress port (destination port). Each port has dedicated control over the egress VLAN tag format. The tag formats include:

Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.

Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.

vlan-id (0..4095)

Unicast FDB lookup/learning VLAN id.

Multicast FDB

Sub-menu: /interface ethernet switch multicast-fdb

CRS125 switch-chip supports up to 1024 entries in MFDB for multicast forwarding. For each multicast packet, destination MAC or destination IP lookup is performed in MFDB. MFDB entries are not automatically learnt and can only be configured.

Property

Description

addr-type (ip | mac; Default: mac)

Matching address type for multicast packets.

bypass-vlan-filter (yes | no; Default: no)

Allows bypassing VLAN filtering for matching multicast packets.

disabled (yes | no; Default: no)

Enables or disables Multicast FDB entry.

ip-address (IP address; Default: 0.0.0.0)

Matching IP address for multicast packets.

mac-address (MAC address; Default: 00:00:00:00:00:00)

Matching MAC address for multicast packets.

ports (ports)

Member ports for multicast traffic.

qos-group (none; Default: none)

Defined QoS group from "QoS group" menu.

svl (yes | no; Default: no)

Multicast FDB learning mode:

Shared VLAN Learning (svl) - learning/lookup is based on MAC addresses - not on VLAN IDs.

Independent VLAN Learning (ivl) - learning/lookup is based on both MAC addresses and VLAN IDs.

copy-to-cpu - Packets are copied to CPU when their destination MAC matches the entry.

drop - Packets are dropped when their destination MAC matches the entry.

forward - Packets are forwarded when their destination MAC matches the entry.

redirect-to-cpu - Packets are redirected to CPU when their destination MAC matches the entry.

bypass-vlan-filter (yes | no; Default: no)

Allows bypassing VLAN filtering for matching packets.

disabled (yes | no; Default: no)

Enables or disables Reserved FDB entry.

mac-address (MAC address; Default: 00:00:00:00:00:00)

Matching MAC address for RFDB entry.

qos-group (none; Default: none)

Defined QoS group from "QoS group" menu.

Port Isolation/Leakage

Sub-menu: /interface ethernet switch port-isolation

Sub-menu: /interface ethernet switch port-leakage

The CRS switches support flexible multi-level isolation features, which can be used for user access control, traffic engineering and advanced security and network management. The isolation features provide an organized fabric structure allowing the user to easily program and control the access by port, MAC address, VLAN, protocol, flow and frame type. The following isolation and leakage features are supported:

Port-level isolation

MAC-level isolation

VLAN-level isolation

Protocol-level isolation

Flow-level isolation

Free combination of the above

Port-level isolation supports different control schemes on source port and destination port. Each entry can be programmed with access control for either source port or destination port.

When the entry is programmed with source port access control, the entry is applied to the ingress packets.

When the entry is programmed with destination port access control, the entry is applied to the egress packets.

Port leakage allows bypassing egress VLAN filtering on the port. A leaky port is allowed to access other ports for various applications such as security, network control and management.

Note: When both isolation and leakage are applied to the same port, the port is isolated.

Property

Description

disabled (yes | no; Default: no)

Enables or disables port isolation/leakage entry.

flow-id (0..63; Default: none)

include-arp (yes | no; Default: yes)

Includes ARP packets into Port-level isolation/leakage.

include-bridged (yes | no; Default: yes)

Includes packets which are bridged by switch-chip into Port-level isolation/leakage.

include-broadcast (yes | no; Default: yes)

Includes broadcast packets into Port-level isolation/leakage.

include-dhcpv4 (yes | no; Default: yes)

Includes DHCPv4 packets into Port-level isolation/leakage.

include-dhcpv6 (yes | no; Default: yes)

Includes DHCPv6 packets into Port-level isolation/leakage.

include-known (yes | no; Default: yes)

Includes packets with known destination MAC into Port-level isolation/leakage.

Shaper

Sub-menu: /interface ethernet switch shaper

Traffic shaping restricts the rate and burst size of the flow which is transmitted out from the interface. The shaper is implemented by a token bucket. If a packet exceeds the maximum rate or the burst size, meaning there are not enough tokens for the packet, the packet is stored in a buffer until there are enough tokens to transmit it.

Property

Description

burst (integer; Default: 100k)

Maximum data rate which can be transmitted while the burst is allowed.

disabled (yes | no; Default: no)

Enables or disables traffic shaper entry.

meter-unit (bit | packet; Default: bit)

Measuring units for traffic shaper rate.

port (port)

Physical port for traffic shaper.

rate (integer; Default: 1M)

Maximum data rate limit.

target (port | queueX | wrr-groupX; Default: port)

Three levels of shapers are supported on each port (including CPU port):

Port level - Entry applies to port of the switch-chip.

WRR group level - Entry applies to one of the 2 Weighted Round Robin queue groups (wrr-group0, wrr-group1) on port.

Queue level - Entry applies to one of the 8 queues (queue0 - queue7) on port.
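
The token-bucket behaviour described for the shaper, as an added example that is not part of the original manual or of RouterOS: a model that computes when each packet leaves, showing that packets exceeding the bucket are delayed in the buffer rather than dropped. It assumes that burst is the bucket depth, that the bucket starts full, and that the defaults 1M and 100k mean 1,000,000 and 100,000 units; the function name and the sample traffic are constructed.

```python
# Added illustration: token-bucket shaper model, not switch-chip or RouterOS code.
from typing import List, Sequence, Tuple


def shape(packets: Sequence[Tuple[float, int]], rate: int = 1_000_000,
          burst: int = 100_000, meter_unit: str = "bit") -> List[float]:
    """Return the departure time in seconds of each (arrival, size_bytes) packet.

    Assumptions: burst is the bucket depth, the bucket starts full, packets are
    sorted by arrival and leave in FIFO order, and the buffer never overflows.
    """
    if meter_unit not in ("bit", "packet"):
        raise ValueError("meter-unit must be 'bit' or 'packet'")
    tokens = float(burst)
    clock = 0.0  # time of the last bucket update
    departures = []
    for arrival, size in packets:
        # meter-unit=bit charges the frame length, meter-unit=packet charges 1.
        cost = size * 8 if meter_unit == "bit" else 1
        if cost > burst:
            raise ValueError("packet can never fit in the bucket")
        now = max(arrival, clock)  # FIFO: wait behind earlier packets
        # Refill for the elapsed time, never beyond the bucket depth.
        tokens = min(burst, tokens + (now - clock) * rate)
        if tokens < cost:  # not enough tokens: hold the packet in the buffer
            now += (cost - tokens) / rate
            tokens = cost
        tokens -= cost
        clock = now
        departures.append(now)
    return departures


if __name__ == "__main__":
    # Constructed input: ten 1500-byte frames arriving together at t=0.
    for t in shape([(0.0, 1500)] * 10):
        print(f"{t:.3f}")
```
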

QoS Group

Sub-menu: /interface ethernet switch qos-group

The global QoS group table is used for VLAN-based, Protocol-based and MAC-based QoS group assignment configuration.

Property

Description

change-dei (yes | no; Default: no)

Whether to change DEI for the QoS group.

change-dscp (yes | no; Default: no)

Whether to change DSCP for the QoS group.

change-pcp (yes | no; Default: no)

Whether to change PCP for the QoS group.

dei (0..1; Default: 0)

The new value of DEI for the QoS group.

disabled (yes | no; Default: no)

Enables or disables protocol QoS group entry.

drop-precedence (drop | green | red | yellow; Default: green)

Drop precedence is an internal QoS attribute used for packet enqueuing or dropping.

dscp (0..63; Default: 0)

The new value of DSCP for the QoS group.

name (string value; Default: groupX)

Name of the QoS group.

pcp (0..7; Default: 0)

The new value of PCP for the QoS group.

priority (0..15; Default: 0)

Internal priority is a locally significant priority used for classifying traffic into different egress queues on a port.

DSCP QoS Map

Sub-menu: /interface ethernet switch dscp-qos-map

The global DSCP to QOS mapping table is used for mapping from DSCP of the packet to new QoS attributes configured in the table.

Property

Description

dei (0..1; Default: 0)

The new value of DEI for the DSCP to QOS mapping entry.

drop-precedence (drop | green | red | yellow; Default: green)

The new value of Drop precedence for the DSCP to QOS mapping entry.

pcp (0..7; Default: 0)

The new value of PCP for the DSCP to QOS mapping entry.

priority (0..15; Default: 0)

The new value of internal priority for the DSCP to QOS mapping entry.

DSCP To DSCP Map

Sub-menu: /interface ethernet switch dscp-to-dscp

The global DSCP to DSCP mapping table is used for mapping from the packet's original DSCP to new DSCP value configured in the table.